Zulip Versions

Zulip server and web application. Open-source team chat that helps teams stay productive and focused.

6.0-beta1

1 year ago

Release Zulip Server 6.0-beta1.

5.6

1 year ago

5.6 -- 2022-08-24

  • CVE-2022-36048: Change the Markdown renderer to only rewrite known local links as relative links, rather than rewriting all local links. This fix also protects against a vulnerability in the Zulip mobile app (CVE-2022-35962).
  • Added hardening against timing attacks to an internal authentication check.
  • Improved documentation for hosting multiple organizations on a server.
  • Updated dependencies.
  • Updated translations.

5.5

1 year ago

5.5 -- 2022-07-21

  • CVE-2022-31168: Fix authorization check for changing bot roles. Due to an incorrect authorization check in Zulip Server 5.4 and all prior releases, a member of an organization could craft an API call that would grant organization administrator privileges to one of their bots.
  • Added new options to the restore-backup tool to simplify restoring backups on a system with a different configuration.
  • Updated translations, including major updates to the Mongolian and Serbian translations.

5.4

1 year ago

5.4 -- 2022-07-11

  • CVE-2022-31134: Exclude private file uploads from exports of public data. We would like to thank Antoine Benoist for bringing this issue to our attention.
  • Upgraded Python requirements.
  • Improved documentation for load balancers to mention CIDR address ranges.
  • Documented an explicit list of supported CPU architectures.
  • Switched html2text to run as a subprocess, rather than a Python module, as its GPL license is not compatible with Zulip’s.
  • Replaced the markdown-include Python module with a reimplementation, as its GPL license is not compatible with Zulip’s.
  • Relicensed as GPL the tools/check-thirdparty developer tool which verifies third-party licenses, due to a GPL dependency by way of python-debian.
  • Closed a potential race condition in the Tornado server, where events arriving at exactly the same time as a request caused server errors.
  • Added a tool to help automate more of the release process.

5.3

1 year ago

5.3 -- 2022-06-21

  • CVE-2022-31017: Fixed message edit event exposure in protected-history streams. Zulip allows a stream to be configured as private with protected history, which means that new subscribers should only see messages sent after they join. However, due to a logic bug in Zulip Server 2.1.0 through 5.2, when a message was edited, the server would incorrectly send an API event that included both the edited and old content of the message to all of the stream’s current subscribers, regardless of whether they could see the original message. The impact of this issue was reduced by the fact that this API event is ignored by official clients, so it could only be observed by a user using a modified client or their browser’s developer tools.
  • Adjusted upgrade steps to cause servers using PostgreSQL 14 to upgrade to PostgreSQL 14.4, which fixes an important potential database corruption issue.
  • Upgraded the asynchronous request handling to use Tornado 6.
  • Fixed a crash when displaying the error message for a failed attempt to create a stream.
  • Optimized the steps during upgrade-zulip, to reduce the amount of server downtime.
  • Added a --skip-restart flag to upgrade-zulip which prepares the new version, but does not restart the server into it.
  • Stopped mirroring the entire remote Git repository directly into /srv/zulip.git. This mirroring removed local branches and confused the state of previous deployments.
  • Fixed a bug which could cause the delete_old_unclaimed_attachments command-line tool to remove attachments that were still referenced by deleted (but not yet permanently removed) messages.
  • Stopped enabling USE_X_FORWARDED_HOST by default, which was generally unneeded; the proxy documentation now clarifies when it is necessary.
  • Fixed the nginx configuration to include the default system-level nginx modules.
  • Only attempt to fix the certbot SSL renewal configuration if HTTPS is enabled; this addresses a regression in Zulip Server 5.2, where the upgrade would fail if an improperly configured certificate existed, but was both expired and not in use.
  • Improved proxy and database backup documentation.

5.2

2 years ago
  • Fixed a performance regression in the UI, introduced in 5.0, when opening the compose box.
  • Fixed a bug which could intermittently cause URL previews to fail, if Zulip was being run in Docker or in low-memory environments.
  • Fixed an issue which would cause PostgreSQL 10 and PostgreSQL 11 to attempt to write each WAL log to S3, even if S3 WAL backups/replication were not configured.
  • Fixed an issue which prevented the SCIM integration from deactivating users.
  • Fixed a bug that resulted in a “You unsubscribed” notice incorrectly appearing when new messages arrived in a topic being viewed via a “near” link.
  • Fixed digest emails being incorrectly sent if a user was deactivated after the digest was enqueued but before it was processed.
  • Fixed warning about EMAIL_HOST_PASSWORD being unset when explicitly set to empty.
  • Fixed incomplete tracebacks when timeouts happen during Markdown rendering.
  • Fixed some older versions of Zulip Server not being considered when comparing for the likely original version of settings.py.
  • Stopped using the database_password if it is set but database_user is not.
  • Stopped trying to fix LetsEncrypt certificate configuration if they were not currently in use.
  • Sorted and prettified the output of the check-database-compatibility tool.
  • Split the large zerver/lib/actions.py file into many files under zerver/actions/. This non-functional change was backported to ensure it remains easy to backport other changes.
  • Updated documentation to reflect that current mobile apps are only guaranteed to be compatible with Zulip Server 3.0 and later; they may also work with earlier versions, with a degraded experience.

5.1

2 years ago
  • Fixed upgrade bug where preexisting animated emoji would still always animate in statuses.
  • Improved check that prevents servers from accidentally downgrading, to not block upgrading servers that originally installed Zulip Server prior to mid-2017.
  • Fixed email address de-duplication in Slack imports.
  • Prevented an extraneous scrollbar when a notification banner was present across the top.
  • Fixed installation in LXC containers, which failed due to chrony not being runnable there.
  • Prevented a "push notifications not configured" warning from appearing in the new user default settings panel even when push notifications were configured.
  • Fixed a bug which, in uncommon configurations, would prevent Tornado from being restarted during upgrades; users would be able to log in, but would immediately be logged out.
  • Updated translations.

5.0

2 years ago

5.0 -- 2022-03-29

Highlights

  • New resolve topic feature allows marking topics as ✔ completed. It’s a lightweight way to manage a variety of workflows, including support interactions, answering questions, and investigating issues.
  • Administrators may enable the option to create web-public streams. Web-public streams can be viewed by anyone on the Internet without creating an account in your organization.
  • Users can now select a status emoji alongside their status message. Status emoji are shown next to the user's name in the sidebars, message feed, and compose box. Animated status emoji will only animate on hover.
  • Redesigned the compose box, adding formatting buttons for bold, italics and links as well as visual improvements. New button for inserting global times into your message.
  • Redesigned "Stream settings" to be much more usable, with separate tabs for personal settings, global settings, and membership, and more consistent style with the rest of Zulip's settings.
  • Stream creation was redesigned with a much cleaner interface, especially for selecting initial subscribers.
  • Redesigned "Full user profile" widget to show the user's stream and user group subscriptions. Administrators can unsubscribe a user from streams directly from their full profile.
  • Reorganized personal and organization settings to have clearer labels and make it easier to find privacy settings.
  • Organization administrators can now configure the default personal preference settings for new users joining the organization.
  • Most permissions settings now support choosing which roles have the permission, rather than just allowing administrators or everyone.
  • Permanent links to conversations now correctly redirect if the target message has been moved to a new stream or topic.
  • Added a data import tool for migrating from Rocket.Chat. Mattermost data import now supports importing uploaded files.
  • Improved handling of messages containing many images; now up to 20 images can be previewed in a single message (up from 5), and a new grid layout will be used.
  • OpenID Connect joins SAML, LDAP, Google, GitHub, Azure Active Directory, and more as a supported Single Sign-On provider.
  • SAML authentication now supports syncing custom profile fields. Additionally, SAML authentication now supports automatic account creation and IdP-initiated logout.
  • Added SCIM integration for synchronizing accounts with an external user database.
  • Added support for installation on ARM platforms (including Mac M1).
  • Removed support for Ubuntu 18.04, which no longer receives upstream security support for key Zulip dependencies.

Upgrade notes for 5.0

  • This release contains a migration, 0009_confirmation_expiry_date_backfill, that can take several minutes to run on a server with millions of messages of history.
  • The TERMS_OF_SERVICE and PRIVACY_POLICY settings have been removed in favor of a system that supports additional policy documents, such as a code of conduct. See the updated documentation for the new system.

Full feature changelog

  • Timestamps in Zulip messages are now permanent links to the message in its thread.
  • Added support for invitation links with configurable expiry, including links that never expire. Deactivating a user now disables all invitations that the user had sent.
  • Added support for expanding the compose box to be full-screen.
  • Added support for filtering events in webhooks.
  • Added support for overriding Zulip's defaults for new users in your organization.
  • Added support for referring to a user group with a silent mention.
  • Added new personal privacy setting controlling whether typing notifications are sent to other users.
  • Added new personal setting controlling whether Esc navigates the user to the default view.
  • Split stream creation policy into separate settings for private, public, and web-public streams.
  • New integrations: Freshstatus, Lidarr, Open Collective, Radarr, Sonarr, SonarQube.
  • Message edit notifications now indicate how many messages were moved, when only part of a topic was moved.
  • Muted topic records are now moved when an entire topic is moved.
  • Search views that don't mark messages as read now have an explanatory notice if any unread messages are present.
  • Added new "Scroll to bottom" widget hovering over the message feed.
  • Changed the default emoji set from Google Classic to Google Modern.
  • User groups mentions now correctly function as silent mentions when inside block quotes.
  • Messages that have been moved (but not otherwise edited) are now displayed as MOVED, not EDITED.
  • Reworked the UI for selecting a stream when moving topics.
  • Redesigned modals in the app to have more consistent and cleaner UX.
  • Added new topic filter widget in left sidebar zoomed view.
  • Redesigned Welcome Bot onboarding experience.
  • Redesigned hover behavior for timestamps and time mentions.
  • Messages sent by muted users can now be rehidden after being revealed. One can also now mute deactivated users.
  • Rewrote Help Center guides for new organizations and users, and made hundreds of other improvements to Help Center content and organization.
  • Reimplemented the image lightbox's pan/zoom functionality to be nicer, allowing us to enable it by default.
  • Added styled loading page for the web application.
  • Webhook integrations now support specifying the target stream by ID.
  • Notifications now differentiate user group mentions from personal mentions.
  • Added support for configuring how long the server should wait before sending email notifications after a mention or PM.
  • Improved integrations: BigBlueButton, GitHub, Grafana, PagerDuty, and many more.
  • Improved various interaction and performance details in Recent Topics.
  • Improved styling for poll and todo list widgets.
  • Zulip now supports configuring the database name and username when using a remote Postgres server. Previously, these were hardcoded to "zulip".
  • Migrated many tooltips to prettier tooltips powered by TippyJS.
  • Autocomplete is now available when editing topics.
  • Typeahead for choosing a topic now consistently fetches the full set of historical topics in the stream.
  • Changed "Quote and reply" to insert quoted content at the cursor when the compose box is not empty.
  • The compose box now has friendly UI for messages longer than 10K characters.
  • Compose typeahead now opens after typing only "@".
  • Improved the typeahead sorting for choosing code block languages.
  • Many additional subtle usability improvements to compose typeahead.
  • Adjusted permissions to only allow administrators to override Unicode emoji with a custom emoji of the same name.
  • New "Manage this user" option in user profile popovers simplifies moderation.
  • New automated notifications when changing global stream settings like description and message retention policy.
  • Drafts are now advertised more prominently, in the left sidebar.
  • Drafts and message edit history now correctly render widgets like spoilers and global times.
  • Improved the tooltip formatting for global times.
  • LDAP userAccountControl logic now supports FreeIPA quirks.
  • Fixed a problem where self-hosted servers that permuted the IDs of their users by using the data export/import tools might send mobile push notifications to the wrong devices.
  • Fixed various bugs resulting in missing translations; most importantly in the in-application search/markdown/hotkeys help widgets.
  • Fixed several bugs that prevented browser undo from working in the compose box.
  • Fixed search typeahead not working once you've added a full-text keyword.
  • Fixed linkifier validation to prevent invalid linkifiers.
  • Fixed Ctrl+. shortcut not working correctly with empty topics.
  • Fixed numerous corner case bugs with email and mobile push notifications.
  • Fixed a bug resulting in long LaTeX messages failing to render.
  • Fixed buggy logic displaying users' last active time.
  • Fixed confusing "delete stream" language for archiving streams.
  • Fixed exceptions in races involving messages being deleted while processing a request to add emoji reactions, mark messages as read, or sending notifications.
  • Fixed most remaining 500 errors seen in Zulip Cloud (these were already quite rare, so this process involved debugging several rare races, timeouts, and error handling bugs).
  • Fixed subtle bugs involving composing messages to deactivated users.
  • Fixed subtle bugs with reloading the page while viewing settings with "Recent topics" as the default view.
  • Fixed bug where pending email notifications could be lost when restarting the Zulip server.
  • Fixed "require topics" setting not being enforced for API clients.
  • Fixed several subtle Markdown rendering bugs.
  • Fixed several bugs with message edit history and stream/topic moves.
  • Fixed multiple subtle bugs that could cause compose box content to not be properly saved as drafts in various situations.
  • Fixed several server bugs involving rare race conditions.
  • Fixed a bug where different messages in search results would be incorrectly shown with a shared recipient bar despite potentially not being temporally adjacent.
  • Fixed lightbox download button not working with the S3 upload backend.
  • Increased default retention period before permanently removing deleted messages from 7 days to 30 days.
  • Rate limiting now supports treating all Tor exit nodes as a single IP.
  • Changed "From" header in invitation emails to no longer include the name of the user who sent the invitation, to prevent anti-phishing software from flagging invitations.
  • Added support for uploading animated PNGs as custom emoji.
  • Renamed "Night mode" to "Dark theme".
  • Added the mobile app's notification sound to desktop sound options, as "Chime".
  • Reworked the manage.py help interface to hide Django commands that are useless or harmful to run on a production system. Also deleted several useless management commands.
  • Improved help and functionality of several management commands. New create_realm management command supports some automation workflows.
  • Added RealmAuditLog logging for most administrative actions that were previously not tracked.
  • Added automated testing of the upgrade process from previous releases, to reduce the likelihood of problems upgrading Zulip.
  • Attempting to "upgrade" to an older version now gives a clear error message.
  • Optimized critical parts of the message sending code path for large organizations.
  • Optimized creating streams in very large organizations.
  • Certain unprintable Unicode characters are no longer permitted in topic names.
  • Added IP-based rate limiting for unauthenticated requests.
  • Added documentation for Zulip's rate-limiting rules.
  • Merged the API endpoints for a user's personal settings into the /settings endpoint with a cleaner interface.
  • The server API now supports marking messages as unread, allowing this upcoming mobile app feature to work with Zulip 5.0.
  • Added to the API most page-load parameters used by the web application that were missing from the /register API.
  • Simplified the infrastructure for rendering API documentation so that only a few pages require Markdown templates in addition to the OpenAPI specification file.
  • Corrected many minor issues with the API documentation.
  • Major improvements to both the infrastructure and content for Zulip's ReadTheDocs documentation for contributors and sysadmins.
  • Major improvements to the mypy type-checking, discovered via using the django-stubs project to get Django stubs.
  • Renamed main branch from master to main.

5.0-rc2

2 years ago

5.0-rc1

2 years ago

Release Zulip Server 5.0-rc1.